- Description
- When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version. We would like to thank Charles Howes for bringing this issue to our attention.
- Source
- security@open-xchange.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security@open-xchange.com
- CWE-416
- Hype score
- Not currently trending
🚨Alert🚨 CVE-2025-30194:High-Severity DoS Vulnerability Found in PowerDNS https://t.co/fXCIHcLBsX affects versions from 1.9.0 up to 1.9.8. 📊83.6K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/c3FbHTFlBf 👇Query HUNTER : https:/
@HunterMapping
6 May 2025
1361 Impressions
6 Retweets
17 Likes
9 Bookmarks
0 Replies
0 Quotes
CVE-2025-30194 (CVSS:7.5, HIGH) is Awaiting Analysis. When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by craftin..https://t.co/g9RGsiIxjP #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
4 May 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
برای نرم افزار DNSdist مربوط به powerDNS ، آسیب پذیری با کد شناسایی CVE-2025-30194 و از نوع DOS منتشر شده است. نسخه های 1.9.0 تا 1.9.8 این محصول دارای این آسیب پذیری می باشند. ب
@AmirHossein_sec
1 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 PowerDNS has released DNSdist 1.9.9 to patch CVE-2025-30194, enabling remote DoS attacks via DNS over HTTPS. Users should upgrade or switch to the h2o provider as a temporary fix. 🇺🇸 #PowerDNS #DNSdist #SecurityUpdate link: https://t.co/odnzyr4xfM https://t.co/Uos6pCS
@TweetThreatNews
1 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical DoS vulnerability (CVE-2025-30194) has been found in PowerDNS DNSdist (v1.9.0–1.9.8) via nghttp2. Remote attackers can crash services via crafted DoH requests. Patch now. 🔒 #CyberSecurity #DNS #CVE202530194 https://t.co/9NjYgzSg5n
@threatsbank
30 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-30194 When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memo… https://t.co/gyXgjfdGjB
@CVEnew
29 Apr 2025
346 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes